close

Samsung Mobile Security and Cookies

Our site uses essential cookies only. You can read our Privacy Policy and Cookie Policy for more information.

close

Samsung Mobile Security
Cookie Policy

Updated on Jan 17, 2022

This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer
Samsung Electronics (UK) Limited
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

Cookies

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

We use the following types of cookies on this website:

Essential Cookies: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.

Cookie Domain Purpose
JSESSIONID security.samsungmobile.com to keep login session
lastActivityTime security.samsungmobile.com to save the user's last activity time to automatically logout after 30 minutes of inactivity

Managing Cookies and Other Technologies

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org.

Go straight to the menu Go straight to the text
Home>Security Reporting>Samsung Mobile Security Risk Classification

Security Reporting

Samsung Mobile Security Risk Classification

The severity level is classified to 5 levels (Critical, High, Moderate, Low, and No (or Very Low) Security Impact) depending on the security risk and impact, and the following table includes our security risk classification criteria as a standard guidance. Each security vulnerability reported will be assigned a risk rating based on this table, however it may change by some factors like restricted conditions or required permissions. It will be decided by Samsung’s internal evaluation in its sole discretion.

Please note that this table may be updated without advanced notice.

Samsung Mobile Security Risk Classification
Classification Description / Classification Criteria
Critical
  • Remote arbitrary code execution in a privileged process, bootloader, TCB
  • Arbitrary code execution in the TEE or SE (Hardware-based security solution)
  • Remote secure boot bypass
  • Unauthorized access to hardware-protected key
  • Remote permanent denial of service (device inoperability; completely permanent or requiring re-flashing the entire operating system or a factory reset)
  • Remote bypass of user interaction requirements for any developer, security, or privacy settings
  • Remote bypass of user interaction requirements on package installation or equivalent behavior
  • Unauthorized access to data secured by the SE (Hardware-based security solution)
High
  • Local arbitrary code execution in a privileged process, bootloader, TCB
  • Remote arbitrary code execution in an unprivileged process
  • A general bypass for a defense in depth or exploit mitigation technology in the bootloader, TEE, or SE (Hardware-based security solution)
  • Lockscreen bypass
  • Bypass of Carrier Restrictions or unauthorized network unlock
  • Targeted prevention of access to emergency services
  • Local secure boot bypass
  • Remote access to protected data (data that is limited to a privileged process)
  • Unauthorized access to data secured by the TEE
  • Local permanent denial of service (device inoperability: completely permanent or requiring re-flashing the entire operating system or a factory reset)
  • A general bypass for operating system protections that isolate app data or user profiles from each other
  • Local bypass of user interaction requirements for any developer, security, or privacy settings
  • Local bypass of user interaction requirements on package installation or equivalent behavior
  • Remote bypass of user interaction requirements (access to functionality or data that would normally require either user initiation or user permission)
  • Targeted downgrade of security implementation on SE (Hardware-based security solution)
Moderate
  • Remote arbitrary code execution in a constrained process
  • Local arbitrary code execution in an unprivileged process
  • A general bypass for a defense in depth or exploit mitigation technology in a privileged process or the TCB
  • Bypass of restrictions on a constrained process
  • Unauthorized access to software-protected key
  • Local access to protected data (data that is limited to a privileged process)
  • Remote access to protected data (data accessible to locally installed app)
  • Remote access to unprotected data (data normally accessible to any locally installed app)
  • Remote temporary device denial of service (remote hang or reboot)
  • Local bypass of user interaction requirements (access to functionality or data that would normally require either user initiation or user permission)
  • Bypass of device protection/factory reset protection (from theft)
Low
  • Local arbitrary code execution in a constrained process
  • A general bypass for a user level defense in depth or exploit mitigation technology in an unprivileged process
  • Non-compliance of recommended security standards
  • Remote temporary application denial of service
  • Local access to protected data (data accessible to locally installed app)
No (or Very Low) Security Impact
  • Non-exploitable vulnerability or a vulnerability with lower impact than Low that can be mitigated by one or more existing controls
  • Examples of this category may include:
    • Local temporary denial of service
    • SQL injection in content providers without any escalation of privileges
Note: For timely distribution of security updates for vulnerabilities with greater security impact and severity, lower severity security issues including Low and below will be addressed in either one of the upcoming general software update, the next version of Android OS update or the next generation of devices released by Samsung. And SVE/CVE ID's will be assigned and credited for Moderate and above security issues only.

- Last updated: March 1, 2022